Miscellaneous

Miscell cmds // Hack your Linux // Hack your Windows // Hashcat // Re-install Xorg

Miscellaneous commands

apparmor_status

list the current status of apparmor (sudo ~);

aa-complain /usr/sbin/mysqld

put MySQL profile in complain mode (sudo ~);

aa-complain /etc/apparmor.d/*

put all profiles into complain mode (sudo ~);

aa-enforce /usr/sbin/mysqld

put MySQL in enforce mode (sudo ~);

apparmor_parser -r
/etc/apparmor.d/usr.bin.firefox

reload the specified profile (sudo ~);

cat /sys/kernel/security/apparmor/profiles

display info about apparmor profiles (sudo ~);

clear

clears the terminal screen; it looks in the env for the terminal type, then in the terminfo database to figure out how to clear the screen; though it was created for non-GUI env, it may work in X terminal window too;

convert picPrevNext.png -transparent white picPrevNext.png

(ImageMagic pkg) makes a PNG image with transparent background (assuming that original background is white);

convert -transparent lightgrey btn01.svg btn01.png

(ImageMagic pkg) creates a transparent PNG image from an SVG file (assuming that SVG background is lightgrey);

depmod -a

probe all modules, create a list of module dependencies (modules.dep) by reading each module under /lib/modules/version, create map files;

ethtool eth0

show current setting of eth0 device;

ethtool -i eth0

show eth0 driver info;

ethtool -s speed 10 eth0

set eth0 speed to 10 Mb/s;

fetchmail -F -u elma some.domain.net

remove messages from a mail box on a remote mail server;

getfacl info.dat

show ACLs of the specified file;

getfacl data_dir

show ACLs of the specified dir;

getfacl -R data_dir

show ACLs of the specified dir recursively;

hddtemp /dev/sda     show HDD temperature;

hdparm /dev/hda     show HDD I/O parameters;

hdparm -t /dev/hda     test HDD transfer rate;

hdparm -d1m2c3u1     set HDD parameters;

htpasswd /usr/local/etc/passwd pro07

set/modify SQUID proxy password for user pro07 (root priv);

htpasswd -D /usr/local/etc/passwd pro09

delete user's (pro09) password from SQUID proxy password file (root priv);

md5sum /u01/Download/ffmpeg-release-64bit-static.tar.xz

output the md5 checksum of the specified archive; usually you must compare it with the checksum in a separately downloaded *.md5 file;

mlabel -i /dev/sdd1 -s ::

(sudo ~) display FAT32 volume label; usually you should also set mtools_skip_check=1 in ~/.mtoolsrc;

mlabel -i /dev/sdd1 ::MY_USB02

(sudo ~) assign label (MY_USB02) to a USB flash drive (assuming fs type is FAT32); label makes mount procedure more predictable and helps to avoid random (sometimes awkward) chars in path;

mount -tsecurityfs securityfs /sys/kernel/security

mount securityfs (usually it is mounted auto);

nohup command &

continue program execution even after user logs out;

ntfsfix -n /dev/sda2

check NTFS volume, don't try to repair/modify anything;

pgp -c info.msg

encrypt the specified file; this is the simplest method, no public / private key is required, you must only type a sufficiently long pass phrase when prompted;

pgp info.pgp

decrypt the pgp-encrypted file (you'll be prompted for password that was used for encryption);

pgp cfile [-o pfile]

decrypt / check the signature integrity of a signed file;

pgp -kg     generate unique public / secret key pair;

pgp -ka keyfile [keyring]

add a public or secret key file's contents to pub or sec key ring;

pgp -kx userid keyfile [keyring]

pgp -kxa userid keyfile [keyring]

extract (copy) a key from the public or secret key ring;

pgp -kv[v] [userid] [keyring]

view the contents of the public key ring;

pgp -kvc [userid] [keyring]

view the "fingerprint" of a public key;

pgp -kc [userid] [keyring]

view the contents and check the certifying signatures of your public key ring;

pgp -e textfile userid

encrypt a plaintext file with the recipient's public key;

pgp -s textfile [-u my_userid]

sign a plaintext file with your secret key;

pgp -sta textfile [-u my_userid]

sign a plaintext ASCII text file with your secret key, producing a signed plaintext message suitable for sending via e-mail;

pgp -es textfile userid [-u my_userid]

sign a plaintext file with your secret key, and then encrypt it with the recipient's public key;

pgp -e textfile userid1 userid2 userid3

encrypt a message for any number of multiple recipients;

rev mesg.txt > mesg2.txt

reverse the order of chars in each line;

sar -u 5 5     CPU utilization (every 5 sec, 5 times);

sar -u -o cpu.rpt 3 10     CPU utilization (-o : write to a file);

sar -U 0 5 5     first CPU utilization (in SMP system);

sar -r 3 5     mem & swap utilization (3 sec interval);

sar -c 3 5     process creation activity;

sar -b 3 10     block I/O activity;

sar -d 3 10     block I/O activity on each block device;

sar -q 5 10     queue length & load averages;

sar -R 5 10     mem statistics;

sar -w 3 5     total number of context switches per sec;

sar -W 3 10     swapping activity;

sar -B 3 10     paging activity;

sar -n eth1 3 10     network activity;

sensors     show sensors info (voltages, temperatures, etc);

sensors -f     show temperatures in Fahrenheit;

setfacl -m u:alex:rw data_dir

grant read / write aceess on data_dir to user alex;

setfacl -x g:sales:w data_dir

revoke write access on data_dir from group sales;

smbclient -L srv2

show services (shares) available on srv2;

smbclient -L srv2 -U max

show services (shares) available on srv2 (connect as user max; you'll be prompted for a password);

smbclient -L srv2 -A nt_auth.dat

show services (shares) available on srv2 (connect using auth data stored in nt_auth.dat file);

smbclient //srv3/user -A ntfile.txt

connect to the shared resource user on srv3 using auth file ntfile.txt;

smbmount \\srv3\user /disk_h
-o codepage=cp1251,iocharset=utf-8,rw

mount shared resource \\srv3\user on dir /disk_h in read-write mode providing character translation;

smbumount /disk_h

unmount shared resource mounted on /disk_h;

smbpasswd

change your SMB password on the local machine (you'll be prompted for old password and then twice for a new one);

smbpasswd -r srv2 -U pro7

change password for user pro07 (assuming that srv2 is a Windows NT Primary Domain Controller); you'll be prompted for old and new passwords;

smbpasswd -r srv2 -U pro7 -s < pass.txt

change password for user pro07 (srv2 is a Windows NT PDC); -s is used to suppress prompting for passwords and to force program to take them from pass.txt (ad hoc name) file that looks like this:

old_pass
new_pass
new_pass

tape rewind     rewind tape (SCSI, QIC..);

tape erase     erase tape (SCSI, QIC..);

tape reten     re-tension tape (SCSI, QIC..);

tape reset     reset tape controller & drive;

tzselect     asks user for info about the current location, and outputs the resulting time zone description to stdout (output is suitable as a value for the TZ env variable);

unlink app.dat     remove file;

uptime     show current time, how long the system has been running, how many users are currently logged on, and the system load averages for the past 1, 5, and 15 minutes;

users     show user names of users currently logged in;

xxd -ps mbr.dat     ouput binary contents of mbr.dat in hex form; in some way xxd is similar to uudecode and uuencode, it can convert a binary file to a hex dump and vice versa;

Hacking your own system (Linux)

You forgot your password. What are you going to do?

  1. Reboot and pause GRUB (Shift or Esc. See Boot).
  2. Select and edit kernel line (e): replace ro quiet splash, etc with rw init=/bin/bash
  3. Press b key to boot.
  4. When the system is ready, change the pass (passwd name).
  5. Reboot (sync; reboot -f).

Also, you can boot in single user mode (pass is not required). If root fs is mounted read-only (and in this case it usually is), remount it with:

mount -o remount,rw /

Hacking your own system (MS Windows)

The Windows SAM database is usually in the .../Windows/System32/config. You can use some Linux Live CD/USB with chntpw (or you can download/install it).

chntpw -l SAM

outputs a list of usernames on the system. Choose the name and type:

chntpw -u username SAM

This cmd allows you to clear or change pass (the last may not work with Win 7/8).

With Kali Linux ophcrack application you can try to crack a pass, but it may be waste of time if pass is good.

Reinstall Xorg (Ubuntu)

Each Ubuntu Desktop Environment has its own pkg name. Reinstalling Xorg:

sudo apt-get purge xorg-* xserver-xorg; sudo apt-get install xorg xserver-xorg; sudo dpkg-reconfigure xorg

Reinstalling desktop env Unity:

sudo apt-get purge ubuntu-desktop; sudo apt-get install ubuntu-desktop

Reinstalling desktop env Gnome:

sudo apt-get purge ubuntu-gnome-desktop gnome-desktop-environment; sudo apt-get install ubuntu-gnome-desktop

Reinstalling desktop env Mate:

sudo apt-get purge ubuntu-mate-desktop mate-desktop-environment; sudo apt-get install ubuntu-mate-desktop

Hashcat

See doc at hashcat.net/wiki.

Building hashcat for Linux (and MacOS)

Find some empty dir, and get a copy of the hashcat repository:

git clone https://github.com/hashcat/hashcat.git

Get a copy of the OpenCL Headers repository:

cd hashcat

git submodule update --init

Build:

make

Install:

sudo make install

Usage example

(Assuming you've got the hash)
Prepare target hash file (i.e., file containing hashes to be cracked), e.g.:

cp /etc/shadow hash.lst

This file keeps the whole lines form a password file, you must remove everything except hashes itselves (it usually begins with $6$... and goes until first colon (:). The cmd itself looks like:

hashcat -m 1800 -a 0 -o cracked.txt --remove hash.lst /usr/local/share/doc/hashcat/example.dict

where: